Zip4j-1.3.2.jar -
// Build the parameters for the zip ZipParameters parameters = new ZipParameters(); parameters.setCompressionMethod(Zip4jConstants.COMP_DEFLATE); parameters.setCompressionLevel(Zip4jConstants.DEFLATE_LEVEL_NORMAL);
Version 1.3.2 allows specifying custom character sets (e.g., Cp437 , UTF-8 , ISO-8859-1 ) to handle filename encoding issues common with cross-platform ZIP creation (especially from Windows to Linux).
: Comprehensive support for both standard Zip encryption and AES 128/256-bit encryption. Ease of Use : Functions like extractAll() addFolder() zip4j-1.3.2.jar
If you are still using , you should be aware of several critical security vulnerabilities found in this older version:
Let's explore the most common operations using zip4j-1.3.2.jar . Note that the API in version 1.3.2 is from the 2.x line – this guide uses the exact methods available in 1.3.2. // Build the parameters for the zip ZipParameters
version. Security researchers have identified several critical vulnerabilities in this specific build: Zip Slip Vulnerability (CVE-2018-1002202)
: Enables adding, removing, and extracting files from ZIP archives without complex stream manipulation. Note that the API in version 1
: This version is susceptible to path traversal attacks where a malicious ZIP file can overwrite files outside the target directory. Other CVEs
While newer versions exist, version 1.3.2 offers a mature, stable feature set that covers 90% of real-world ZIP manipulation needs.
A small subset of WinZIP-created AES-256 files may fail. Recreate the ZIP using Zip4j itself, or use ZipStandard encryption instead.